Library Makes ESP Over the Air Updates Easy

Potentially, one of the great things about having a device connected to the network is that you can update it remotely. However, how do you make that happen? If you use the Arduino setup for the ESP8266 or ESP32, you might try [scottchiefbaker’s] library which promises to make the process easy.

Adding it looks to be simple. You’ll need an include, of course. If you don’t mind using port 8080 and the path /webota, you only need to call handle_webota() from your main loop. If you want to change the defaults, you’ll need to add an extra call in your setup. You also need to set up a few global variables to specify your network parameters.

The only caveat is that long delay statements in your loop can block things from working and aren’t a great idea anyway. If you have them, you can replace all your delay calls with webota_delay which will stop the system from ignoring update requests.

The code started from a different online tutorial but packaged the code up nicely for reuse. To do an update, simply navigate to the device with a web browser and use the correct port number and path. From there you can upload a new binary image taken from the Arduino IDE with the export compiled binary command.

The only concern we saw was the code didn’t appear to authenticate you at all. That means anyone could load code into your ESP. That might be ok on a private network, but on the public Internet it is surely asking for trouble. The original tutorial code did have a hardcoded user and password, but it didn’t look very useful as the password was in the clear and didn’t stop you from uploading if you knew the right URL. Dropping it from the library probably makes sense, but we would want to build some kind of meaningful security into anything we deployed.

OTA sketches (atleast with original Arduino, you know this is NOT the first Arduino-ESP8266 OTA library, right?) needs to fit into flash along with current sketch. So effectively, you should use only half of the available flash and leave rest half for next sketch. As an alternate, you can also do chain flashing: Current firmware (Large) -(OTA)-> OTA only firmware (very small) -(Flash)-> Updated firmware (Large again)

I usually implement OTA via a button for safety reasons – pressing it enables OTA and disables everything else (OTA doesn’t play well with interrupts).
And yeah, it bloats the code, but then how many of us have ever fully filled an ESP purely with compiled code?

ESP8266 has had this capability for quite a while now, both through the ESP SDK and Arduino IDE, along with code examples for web-based updates. Examples showing how this is done have been shipping with both environments for ages, I’m not sure what new work is being presented here, except that it’s missing features (like password auth) that are already available out-of-the-box.

This library fulfils a certain functionality, fine with me. I will not use it, since there is already a solution available since quite some time for ESP8266 and ESP32.
There is some security built in, because it uses a hard coded place to fetch the new code. Therefore you would need to hack that webserver and then trigger an OTA Update to hack the ESP. Not perfect, but pragmatic.

I use a different approach. Since my devices are connected with MQTT anyway, I use this communication channel also for OTA.